Currently, individual websites and advertisers use “cookies” to track and collect information on users' behaviors and affinities, as well as personalize content to individual users. A cookie is a type of file stored to the user's device by the device's browser. Such files are also referred to as “web cookies,” “browser cookies,” and “HTTP cookies.”
Essentially, cookies are pieces of data sent to the browser by a website's web server. When the user initiates a request for a web page, the browser returns these pieces of data to the server, thereby introducing a state (memory of previous events) into an otherwise stateless hypertext transfer protocol (HTTP) transaction. Without cookies, each request for a webpage or component of a webpage is an isolated event. Other than being set by a web server, cookies can also be set by a script in a language such as JavaScript, if supported and enabled by the web browser.
Cookies are often used to track Internet users' web browsing habits. While this can also be done at some level by using internet protocol (IP) addresses, cookies provide greater precision and assurance of uniqueness of an individual. The general process for creating and using such cookies is described below.
The process is initiated when a browser on a client device sends a request to a website for a particular webpage. The website and webpage are identified by a uniform resource locator (URL) included in the request. After receiving such request, the website server will attempt to read any cookie previously stored on the client (e.g., by sending a request to the client for a cookie), and discover that the client contains no cookie. Lacking a cookie, the website server assumes this is the first visit by the user. Therefore, the server creates a cookie, and sends it back to the client browser together with a generic version of the requested webpage. On subsequent requests to the same website, the information collected by the cookie is automatically sent by the browser with the request, and the website server may customize the requested webpage based on the data in the cookie. In this way the website can log the cookie along with the corresponding URL requests sent to that site. By analyzing the log file, it is possible to find out which pages on the website the user has visited, and in what sequence.
However, cookies are considered more of a PC-based technology, which tends not to operate as well in a mobile environment. The use of cookies in a mobile environment can be inefficient and fraught with risks. For instance, many mobile devices do not have a browser capable of storing a cookie. Also, mobile devices commonly do not permit applications to store files in a location accessible in the manner required by a cookie. Furthermore, many mobile service providers block the use of cookies, either through management policies on the device or within the network itself. Thus many Internet sites (especially mobile sites) are unable to provide cookie functionality to mobile browsers, resulting in a sub-optimal Internet browsing experience for mobile users. This could result in an inability to gather data regarding a mobile device's browsing history or retain information about the mobile user, thus reducing or eliminating certain functionality. For example, web sites may not be able to offer a mobile user the “remember me” function, or customized and dynamic page presentation based on the user's likes and browsing history.
Since a cookie is generally implemented by a website, they only produce information based on the use of that specific site. While cross-domain cookies (cookies that work across several domain names) and “cookie exchanges” (organizations that attempt to synchronize a view of a user's affinities and behaviors by aggregating information from multiple cookies) exist, they still only collect information regarding a limited number of sites. These approaches lead to a disaggregated view of the user that significantly skews usage patterns, and thus do not accurately reflect the user's affinities, behaviors, etc.
Also, users are more and more frequently accessing websites through multiple devices, such as home and work computers, laptops, web-enabled phones, tablets, and TVs. With the use of multiple web browsers comes a proliferation of cookies, multiple views of a user's affinities and behaviors, and more entities using cookie exchange and cross-domain cookie technologies that expose the user to greater intrusions of privacy.
Risk of exposure of private information is a concern to many consumers. The operation of cookies is essentially hidden from users, and the intentions of the companies employing many of the cookies are unknown. Many mobile users are afraid of the potential exposure of private information to the cookies, and thus do not allow or tolerate cookies on their mobile devices. The propagation of cross-domain cookies and cookie exchanges adds to the lack of security and reliability of the information collected.
As an alternative to cookies, another way to track a user's behavior, affinities, and personal information is by placing a probe, or “packet sniffing” type device, in the network. Such a device can log user interactions at the network level. This technology is usually employed as a program or piece of hardware, which intercepts and logs traffic passing over a digital network. As the data flows across the network, the sniffer or probe captures each packet and, if needed, decodes the packet to reveal the values of the various fields in the packets.
Probe and packet sniffing technologies do not intrude on a device like cookies. However, they do present privacy issues in that they rely on some type of information within the network that is unique to the user such as an account ID, phone number, etc. Since this information is directly linked to an individual who can be personally identified by the network operator, this form of data gathering intrudes upon personally-identifiable information and is hence subject to strict regulatory control.
Other issues are also raised by the use of probe and packet sniffing technology. For example, such technology must be appropriately placed in the network typology in order to collect the traffic of interest. Within a mobile environment, multiple installations may be required thus increasing costs. Further, even multiple installations do not overcome the fact that many users roam outside their service provider's network, and thus have browsing traffic unseen by their home network operator. Also, since many networks are beginning to share capacity, multiple business entities would need to share information to enable a full view of a user's interactions with the Internet. This further raises privacy concerns (and also raises business concerns, e.g., whether customer information should be shared with a competitor). Moreover, today's devices feature more and more multiple access technologies such as Bluetooth and WiFi. When a mobile phone user accesses the Internet via one of these alternative networks, the user's mobile operator remains blind to the traffic created by the user.